PaopaoWeather.exe

天气查询 (Weather Query)

Chongqing Bannisha Network Information Technology Co., Ltd

It is set to execute automatically when any user logs into Windows (through the all-users Run registry key under HKLM) with the name ‘PaopaoWeather’.

Publisher:
重庆半泥沙网络信息技术有限公司  (signed by Chongqing Bannisha Network Information Technology Co., Ltd)

Product:
天气查询 (Weather Query)

Description:
PaoPaoWeather 天气查询 (PaoPaoWeather Weather Query)

Version:
1.00.0112

MD5:
ba9cb3887a4ef5c743e74e90e674bbb1

SHA-1:
37508b028f01b9e790717030d33d32492df046a0

SHA-256:
545588be774ebae6722e2296584dd8fbef0a8f8290e3cf2118f6394f9e74768d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/10/2024 9:35:09 PM UTC

File size:
612 KB (626,680 bytes)

Product version:
1.00.0112

Original file name:
PaopaoWeather.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\Program Files\paopaoweather\paopaoweather.exe

Digital Signature
Authority:
WoSign eCommerce Services Limited

Valid from:
11/29/2012 12:13:06 PM

Valid to:
11/30/2013 10:21:18 PM

Subject:
E=cq198@sina.com, CN="Chongqing Bannisha Network Information Technology Co., Ltd", O="Chongqing Bannisha Network Information Technology Co., Ltd", L=Chongqing, S=Chongqing, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
229317ED9488F8

File PE Metadata
Compilation timestamp:
1/5/2013 1:04:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:ILgLZMLZruPmrCIEijdxA0s8u7OLZD2/C2cR:IckruPWCCd3s8u7WB

Entry address:
0x34E0

Entry point:
68, 04, 37, 40, 00, E8, F0, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 92, 38, 29, 60, 77, F0, DD, 41, 8A, FD, E8, BA, 42, AD, 8F, 5E, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 21, A5, F8, 00, 23, AA, 50, 61, 6F, 50, 61, 6F, 57, 65, 61, 74, 68, 65, 72, 00, 38, B7, 00, 00, 43, 96, C9, 00, 45, 9E, 00, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 03, 00, 00, 00, 6B, 21, 45, 01, 62, B7, 68, 4E, 81, 22, EC, A1, D0, 73, 75, D1, 01, 00, 00, 00, 98, 00, 00, 00...

Entropy:
6.5237

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
456 KB (466,944 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PaopaoWeather

Command:
C:\Program Files\paopaoweather\paopaoweather.exe

